Dan Goodin / Ars Technica:
For about 10 years, millions of macOS and iOS apps using CocoaPods were vulnerable to a serious flaw in the dependency manager, which was patched last October — Apps that used code libraries hosted on CocoaPods were vulnerable for about 10 years. — Vulnerabilities that went undetected …